CVE-2025-46686

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-46686
Type cve
Published 2025-07-23T19:15:33
Last Seen 2025-07-24T06:59:23
Modified 2025-07-23T20:15:26

CVSS Information

Base Score 4.9 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Analysis

AI Description Redis versions up to 7.4.3 are vulnerable to memory consumption via multi-bulk commands from authenticated users. The server allocates memory for command arguments even when commands are skipped due to insufficient permissions.
AI Severity Medium
AI Vendor Redis Labs
AI Product Redis
AI Version 7.4.3 and below

Additional Information

CVE List CVE-2025-46686
CWE List CWE-789
Bulletin Family cve

Description

Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.